[ previous ] [ next ] [ threads ]
 From:  cfactor <cfactor at usrsbin dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Hello, question re VLAN, and wishlist
 Date:  Thu, 7 Jul 2005 00:55:18 -0700 (PDT)
Hello.  I finally bought myself a WRAP board and installed m0n0wall today!

First, a question regarding VLAN: I can't seem to find much docs on VLAN 
on m0n0's website.  I come from a Netscreen environment where the term 
VLAN and zone was used almost interchangeably(at least with our setup.) 
And we created firewall rules based on cross-zone/vlan traffic.  Well, it 
seems that m0n0wall doesn't use the term VLAN the same way, as firewall 
rules and such are based on LAN/WAN/OPT1 objects.  Can someone explain to 
me how VLANS are used on m0n0wall or point me in the right direction?

And a wishlist: like I said, I've been exposed to Netscreen way of doing 
things.  One thing I find myself missing with m0n0wall is the ability to 
add custom services and custom service groups.  I saw that group alias for 
IP addresses is already on the todo list, but I don't see any services 
alias feature in the todo list on the website.  It would be nice to be 
able to add your own list of services/protocols to the list.  Netscreen's 
OS comes with a huge list of protocols and still let you add your own. 
Keeps me from looking at the rules a year from now and wonder what that 
port was for.

Ability to group protocols/services into an alias: now that's something I 
found *really* useful working with Netscreens.  Instead of allowing all 
outbound traffic by default, I only allow explicit set of traffic.  I 
create an alias of allowed services and create a single rule to allow it. 
(or block known bad ports explicitely and log it.) Then, if I want to 
allow more services, or drop a service, I simply edit the alias and it's 
taken care of.  It might not be that big of a deal when you're only 
dealing with LAN/WAN but I sure found it useful working on our Netscreen 
208 with 7 separate networks.

But overall, m0n0 has hacked Linksys WRT54G firmwares beat in speed and 
ease of use(I bought the WRT54G few weeks ago to replace my linux 
firewall, but found a lot of them to be sluggish and OpenWRT to be too 
time-consuming, so I'm putting in m0n0wall and will be using WRT54G 
strictly as an access point.)  So I'd like to say thanks.